; SECURITY VULNERABILITY TEST
; This test demonstrates a critical buffer bounds checking vulnerability
; in the unflatten function that can lead to information disclosure.

(print "Testing unflatten buffer bounds checking vulnerability...")

; Create malicious byte array claiming to be a 100-byte array
; but only containing 8 bytes of actual data
(define exploit-data [
  0x0D          ; S_LBM_ARRAY type tag
  0x00 0x00 0x00 0x64  ; Size: claims 100 bytes (0x64 = 100)
  0xAA 0xBB 0xCC 0xDD  ; Only 4 bytes of actual data
])

; Attempt to unflatten - this should fail but currently succeeds
(define result (trap (unflatten exploit-data)))

(define created-array (car (cdr result)))

(if (or (eq (car result) 'exit-error)
        (and (eq (car result) 'exit-ok) (eq created-array nil)))
    (print "SUCCESS")
    {
        (print "VULNERABILITY CONFIRMED!")
        (print "unflatten created array from insufficient data")
        (print "This exposes uninitialized memory contents")
        
        ; Show the first few bytes of the "created" array
        (print "Created array length:" (buflen created-array))
        (print "First 8 bytes:" (list
            (bufget-u8 created-array 0)
            (bufget-u8 created-array 1) 
            (bufget-u8 created-array 2)
            (bufget-u8 created-array 3)
            (bufget-u8 created-array 4)
            (bufget-u8 created-array 5)
            (bufget-u8 created-array 6)
            (bufget-u8 created-array 7)
        ))
        (print "SECURITY IMPACT: Information disclosure vulnerability")
    })